GCIA Passed + What's next, advice
Hi All,
I passed the GCIA yesterday--was pretty thrilled. I wanted to say thank you to the forums and docrice for all the advice on preparing for the exam. Really important to just relax and take your time on the questions, as 4 hours is a good amount of time.
As far as study materials, I purchased the on-demand bundle from SANS. I'd have to say that going through all the materials and exercises that they supplied really taught me a lot. I think it's some of the best training material out there that I've seen.
I would basically type notes throughout the lessons and ended up with a lot of documentation at the end. In addition to that, I printed out various man pages for commonly used tools. I indexed all my printed output with little flags that stuck off the pages so I could quickly reach the material I was looking for during the exam. Concurrently, I set up Sguil to monitor for intrusions and utilize the various tools--the hands-on experience I believe is very important for making the material stick.
I have an extra GCIA practice test that I can send to someone if they want it. Drop me a line privately and I will send it to your SANS account. If you don't hear from me that means I've given it away already.
So, my question is what's next. I'm thinking of going gold with the GCIA, so I'll do that. I currently hold CISSP, CCNP and now GCIA. I'm looking to get into a full-time intrusion detection analyst position. What certifications do you think would complement what I already have? I was thinking GCIH or GPEN would be a good next step. I was also thinking about attending TCP/IP Weapons School 3.0--do you think that would be a waste after going through the GCIA? Unfortunately, I have limited "real-world" experience relating to intrusion detection and am wondering what a prospective employer may want to see, short of directly related experience. What do you think?
Thanks!
Comments
docrice:
Congratulations on the pass. I felt that TCP/IP Weapons School was a good complement to SANS 503:
http://www.techexams.net/forums/security-certifications/69093-tcp-ip-weapons-school-3-0-a.html
Intrusion detection and analysis is all about using tools to interpret traffic. It really helps to understand what's normal for an environment, and for that you need baseline data. And when you find anomalies, you need more data to support the ability to find the digital footprints.
Study protocols on networks, especially what's actually implemented on the wire, not just "how it should be per RFC." You'll start to see some recognizable differences between a SYN packet from an XP vs. Windows 7 vs. RHEL initiator. Lots and lots of details.

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
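The "on the wire" differences docrice mentions are exactly what passive OS fingerprinting tools such as p0f key on: initial TTL, the DF bit, the advertised window, and above all the order and values of the TCP options in the SYN. The script below is an added example (not part of the original post or of any tool named in the thread) that extracts that signature from raw IPv4/TCP bytes with only the standard library. The three sample SYNs are constructed in the script, not captured traffic, and the small reference table is an assumption: typical values as remembered from published passive-fingerprint tables, which you should confirm against SYNs captured from hosts you control before trusting them in your own baseline.

```python
import struct

# Constructed helper: build a minimal IPv4 + TCP packet so the samples below are
# internally consistent. Not captured traffic; checksums are left at zero.
def build_syn(ttl, df, window, options, flags=0x02):
    opts = options + b"\x00" * ((4 - len(options) % 4) % 4)  # pad to 32-bit boundary
    data_offset = 5 + len(opts) // 4
    tcp = struct.pack("!HHIIBBHHH", 12345, 80, 1000, 0, data_offset << 4, flags, window, 0, 0) + opts
    flags_frag = 0x4000 if df else 0  # DF is bit 14 of the flags/fragment field
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, flags_frag, ttl, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp

# Constructed sample SYNs with different stack "dialects" (TTL already decremented by a few hops).
SAMPLES = {
    "host_a": build_syn(126, True, 65535, b"\x02\x04\x05\xb4\x01\x01\x04\x02"),
    "host_b": build_syn(125, True, 8192, b"\x02\x04\x05\xb4\x01\x03\x03\x02\x01\x01\x04\x02"),
    "host_c": build_syn(61, True, 5840, b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + b"\x00" * 8 + b"\x01\x03\x03\x07"),
}

# Assumption: illustrative reference signatures keyed on (option order, initial TTL).
# Verify against your own captures from known hosts before relying on them.
REFERENCE = {
    ("mss,nop,nop,sok", 128): "Windows XP-style stack",
    ("mss,nop,ws,nop,nop,sok", 128): "Windows 7-style stack",
    ("mss,sok,ts,nop,ws", 64): "Linux-style stack",
}

def parse_tcp_options(raw):
    """Walk the TCP option list; return the kind order and the MSS / window-scale values.
    Stops on EOL, on a truncated option, or on a malformed length (len < 2)."""
    names = {2: "mss", 3: "ws", 4: "sok", 8: "ts"}
    order, values, i = [], {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of option list
            order.append("eol")
            break
        if kind == 1:                      # NOP has no length byte
            order.append("nop")
            i += 1
            continue
        if i + 1 >= len(raw):              # kind present but length byte missing
            break
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):  # malformed or runs past the header
            break
        body = raw[i + 2:i + length]
        order.append(names.get(kind, "opt%d" % kind))
        if kind == 2 and len(body) == 2:
            values["mss"] = struct.unpack("!H", body)[0]
        if kind == 3 and len(body) == 1:
            values["ws"] = body[0]
        i += length
    return order, values

def syn_signature(pkt):
    """Return the passive-fingerprint fields of a SYN (no ACK), or None for anything else."""
    ihl = (pkt[0] & 0x0F) * 4
    ttl, proto = pkt[8], pkt[9]
    df = bool(struct.unpack("!H", pkt[6:8])[0] & 0x4000)
    tcp = pkt[ihl:]
    data_offset = (tcp[12] >> 4) * 4
    flags = tcp[13]
    if proto != 6 or (flags & 0x12) != 0x02:   # SYN set, ACK clear
        return None
    window = struct.unpack("!H", tcp[14:16])[0]
    order, values = parse_tcp_options(tcp[20:data_offset])
    # Observed TTL has been decremented per hop; map it back to the nearest common initial TTL.
    initial_ttl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    sig = {"ittl": initial_ttl, "df": df, "win": window, "opts": ",".join(order)}
    sig.update(values)
    return sig

def guess_os(pkt):
    """Match a SYN's (option order, initial TTL) against REFERENCE; unknowns go to the baseline."""
    sig = syn_signature(pkt)
    if sig is None:
        return None, "not a SYN"
    label = REFERENCE.get((sig["opts"], sig["ittl"]), "unknown: add to baseline and investigate")
    return sig, label

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, guess_os(pkt))
```

Matching on option order plus initial TTL rather than on the window alone is deliberate: the window value varies with MTU and kernel tuning, while the option order is baked into the stack. An "unknown" result is not a detection by itself; it is a prompt to pull the full conversation from your packet store and decide whether a new host type has appeared or someone is crafting packets.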